Abstract
A new data-mining-based DoS attack detection technique, DMDoSD, is proposed. It first uses the Apriori association algorithm to extract traffic features from raw network data, and then uses the K-means clustering algorithm to generate a detection model adaptively; the combination of the two algorithms detects DoS attacks in real time, automatically and effectively. Besides sending attack alerts to the existing IDS, DMDoSD further uses the association algorithm to analyse the anomalous network packets and determine the attack signatures, which supports the defence against DoS attacks.
Denial of Service (DoS) is a frequent type of network attack that can severely impact the availability of networks and services. DoS attacks usually use packet-attribute spoofing techniques to confuse existing IDSs such as Snort, and this spoofing hinders effective and automatic detection of DoS attacks. A novel data-mining technique for detecting DoS attacks in real time, called DMDoSD, is presented. First, the Apriori association algorithm extracts traffic patterns from empirical network data; the K-means clustering algorithm then adaptively generates a detection model. By combining these two algorithms, DoS attacks can be detected swiftly, automatically and effectively as they arise. In addition to the alerts typically sent out by IDSs, DMDoSD also determines the signatures of malicious packets automatically to help react to DoS attacks.
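An added illustration of the two-stage pipeline the abstract describes (example code, not the paper's own implementation or data): Apriori mines frequent packet-attribute combinations, the per-window support of each mined pattern forms a feature vector, and two-cluster k-means separates normal windows from flood windows, after which the pattern whose support rises most in the attack cluster is reported as the signature. The constructed packet data, the minority-cluster rule for labelling the attack cluster and the support-gain rule for picking the signature are assumptions of this example.

```python
from itertools import combinations
# Constructed sample traffic (not from the paper): a packet is a frozenset of
# attribute=value items, a window is the list of packets seen in one interval.
NORMAL = [frozenset(p) for p in (
    {"proto=tcp", "dport=80", "flags=SYN"}, {"proto=tcp", "dport=80", "flags=ACK"},
    {"proto=tcp", "dport=443", "flags=ACK"}, {"proto=udp", "dport=53", "flags=-"},
    {"proto=tcp", "dport=80", "flags=ACK"}, {"proto=tcp", "dport=22", "flags=ACK"})]
FLOOD = frozenset({"proto=tcp", "dport=80", "flags=SYN"})

def make_windows():
    """Six mixed normal windows followed by two windows that are 90% SYN packets."""
    return [NORMAL * 5 for _ in range(6)] + [[FLOOD] * 27 + NORMAL[:3] for _ in range(2)]

def apriori(transactions, min_support):
    """Frequent attribute combinations (itemsets) with support >= min_support."""
    n = len(transactions)
    support = lambda s: sum(1 for t in transactions if s <= t) / n
    level = {frozenset([i]) for t in transactions for i in t}
    level = {s for s in level if support(s) >= min_support}
    frequent = set()
    while level:  # grow k-itemsets by joining frequent (k-1)-itemsets, Apriori style
        frequent |= level
        cands = {a | b for a, b in combinations(level, 2) if len(a | b) == len(a) + 1}
        level = {c for c in cands if support(c) >= min_support}
    return frequent

def window_features(window, patterns):
    """Feature vector of a window: the within-window support of every mined pattern."""
    return [sum(1 for p in window if pat <= p) / len(window) for pat in patterns]

def kmeans(vectors, iters=20):
    """Two-cluster Lloyd's k-means, seeded deterministically with the first and last window."""
    dist = lambda a, b: sum((x - y) ** 2 for x, y in zip(a, b))
    centroids = [vectors[0], vectors[-1]]
    for _ in range(iters):
        labels = [min((0, 1), key=lambda i: dist(v, centroids[i])) for v in vectors]
        for i in (0, 1):
            members = [v for v, l in zip(vectors, labels) if l == i]
            if members:
                centroids[i] = [sum(col) / len(members) for col in zip(*members)]
    return centroids, labels

def detect(windows, min_support=0.3):
    """Return (indices of windows flagged as DoS, itemset reported as the attack signature)."""
    packets = [p for w in windows for p in w]
    patterns = sorted(apriori(packets, min_support), key=lambda s: (len(s), sorted(s)))
    centroids, labels = kmeans([window_features(w, patterns) for w in windows])
    attack = 1 if labels.count(1) < labels.count(0) else 0  # assumption: flood windows are the minority
    # Signature: the pattern whose support rises most in the attack cluster; the longest wins ties
    gain = lambda i: (round(centroids[attack][i] - centroids[1 - attack][i], 6), len(patterns[i]))
    return [i for i, l in enumerate(labels) if l == attack], patterns[max(range(len(patterns)), key=gain)]
```

On the constructed data, `detect(make_windows())` flags the two flood windows and reports `{proto=tcp, dport=80, flags=SYN}` as the signature.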
Source
计算机学报
EI
CSCD
Peking University Core Journal
2006, No. 6, pp. 944-951 (8 pages)
Chinese Journal of Computers
Funding
Supported by the National High Technology Research and Development Program of China (863 Program) (2001AA144050, 2003AA144050)
Keywords
DoS (Denial of Service) attack
cluster algorithm
association algorithm
real-time detection